<?php
# !!!!!!!!!! DON'T MAKE ANY CHANGE IF YOU DON'T KNOW WHAT YOU'RE DOING !!!!!!!!!!
// --------------------------------------------------------------------------------------------------------------
// File Name              :	makeorder.php
// Last Modification Time	:	2008-02-01 24:00
// Last Modified by       :	turker (turker.biz@gmail.com)
// list of modifications  :
//
//	- 2008-02-01 turker
//		* 24:00 file created.
//
// --------------------------------------------------------------------------------------------------------------
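# Refuse direct requests for this file: it is meant to be included by the front
# controller, so a request whose script path names makeorder.php is sent back
# to the index page.
# stripos() replaces eregi(), which was removed in PHP 7.0 and made this guard
# a fatal error there. The test is a case-insensitive literal substring match.
if (stripos($_SERVER['PHP_SELF'],"makeorder.php")!==false) {
	header ("Location:../index.php");
	exit;
}

# Only a logged-in user may reach the order form or submit an order.
# The exit after the redirect matters: header() alone does not stop the script,
# and everything below would otherwise still run for an anonymous client.
if (!isLogged()) {
	header ("Location:$SITE_URL/");
	exit;
}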

?>
<!--div:icerik -->
    <div id="icerik">
      <p>
<?php
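$user_id=getActiveUser();
# NOTE(review): $user_id is interpolated into the SQL below without escaping;
# presumably getActiveUser() returns a session-derived numeric id - confirm.

# Find the items in the active user's basket that have not been ordered yet and
# price them ONCE, before branching. The confirmation page (GET) and the stored
# order (POST) both use these server-side figures, so the amount written to the
# orders table never depends on a value sent by the browser.
# Columns of the joined tables (basket, exchanges, item prices, items):
  //id, user_id, item_id, price_id, exchange_id, piece, date, ordered
  //id, name, exchange
  //id, item_id, exchange_id, price, info, campaign, campaign_price, active, vat
  //id, item, summary, info, name, home, new, lang, show_price, xml_code, image
  //RESULT : bid,piece,order_date,ename,exchange,price,campaign,campaign_price,vat,item
$active="and $ITEM_PRICES_TABLE.active='1'";
if (isAdmin()) $active=''; # admins also see prices that are not active
$sql="select $BASKET_TABLE.id as bid,$BASKET_TABLE.date as bdate,$BASKET_TABLE.piece,$BASKET_TABLE.date,$EXCHANGES_TABLE.name as ename,$EXCHANGES_TABLE.exchange,$ITEMS_TABLE.id,";
$sql.="$ITEM_PRICES_TABLE.price,$ITEM_PRICES_TABLE.campaign,$ITEM_PRICES_TABLE.campaign_price,$ITEM_PRICES_TABLE.info,$ITEM_PRICES_TABLE.vat,$ITEMS_TABLE.item,$ITEMS_TABLE.name from ";
$sql.="$BASKET_TABLE,$ITEM_PRICES_TABLE,$EXCHANGES_TABLE,$ITEMS_TABLE where $BASKET_TABLE.user_id='$user_id' and $BASKET_TABLE.price_id=$ITEM_PRICES_TABLE.id and ";
$sql.="$BASKET_TABLE.exchange_id=$EXCHANGES_TABLE.id and $ITEMS_TABLE.lang='$SITE_DEF_LANG' $active  and $BASKET_TABLE.ordered='0' and ";
$sql.="$ITEM_PRICES_TABLE.item_id=$ITEMS_TABLE.id and $ITEM_PRICES_TABLE.exchange_id=$EXCHANGES_TABLE.id order by $BASKET_TABLE.date desc";

$basket_rows=array();
$global_total=0;
$q=$mysql->query($sql);
if ($q) {
  while ($read=$mysql->fetch($q)) {
    # An active campaign price replaces the list price.
    $price=$read['price'];
    if ($read['campaign_price']>0&&$read['campaign']) $price=$read['campaign_price'];

    $price=round($price*$read['exchange'],2);             # unit price after exchange rate
    $vat=round($price*$read['piece']*$read['vat']/100,2); # VAT for the whole line
    $total=round($price*$read['piece']+$vat,2);           # line total including VAT
    $global_total+=$total;

    $basket_rows[]=array(
      'bid'=>$read['bid'],
      'date'=>$read['bdate'],
      'piece'=>$read['piece'],
      'item'=>$read['item'],
      'info'=>$read['info'],
      'price'=>$price,
      'vat'=>$vat,
      'total'=>$total
    );
  }
}

if (empty($_POST)) {
   # No form data yet: show the basket and the order form.
   $action="index.php?page=makeorder";
   if ($SITE_SEO) $action="$SITE_URL/makeorder";
   # NOTE(review): the $_LANG strings below are echoed into JavaScript string
   # literals without escaping; this assumes they are trusted, server-side
   # texts that contain no quote characters - confirm.
?>
<script language="javascript" type="text/javascript">
$(document).ready(function(){
  $("#makeorder").click(function() {
    if(confirm("<?php echo $_LANG['makeorder']['astorder']; ?>")) {
      if ($("#address").val()=='') {
        alert('<?php echo $_LANG['makeorder']['error1']; ?>');
        $("#address").focus();
      }
      else $("#orderform").submit();
    }
  });
});
</script>
<?php
  if (count($basket_rows)>0) {
    echo '<form id="orderform" action="'.$action.'" method="post">';
    echo '<table cellpadding="2" cellspacing="0" width="100%">';
    echo '<tr><th align="center">'.$_LANG['general']['date'].'</th><th>'.$_LANG['makeorder']['item'].'</th>'
        .'<th align="center">'.$_LANG['makeorder']['piece'].'</th><th align="right">'.$_LANG['makeorder']['upiece'].'</th>'
        .'<th align="right">'.$_LANG['makeorder']['vat'].'</th><th align="right">'.$_LANG['makeorder']['total'].'</th></tr>';
    foreach ($basket_rows as $row) {
      $basket_id=$row['bid'];
      $piece=$row['piece'];
      $date=date('d/m/y H:i',$row['date']);
      $item=$prep->html($row['item']);       # escaped for HTML output
      $price_info=$prep->html($row['info']); # escaped for HTML output
      $price=$row['price'];
      $vat=$row['vat'];
      $total=$row['total'];

      echo <<<html
    	<tr id="$basket_id">
        <td align="center">$date</td>
        <td>$item $price_info</td>
        <td align="center">$piece</td>
        <td align="right">$price YTL</td>
        <td align="right">$vat YTL</td>
        <td align="right">$total YTL</td>
    	</tr>
html;
    }
    $name=$prep->html(getActiveUser("name"));
    $address=$prep->html(getActiveUser("address"));
    $phone=$prep->html(getActiveUser("phone"));
    # The stored city is used as a key into $CITIES; an unknown key yields an
    # empty string instead of an undefined-index notice. The city name gets the
    # same HTML escaping as the address it is printed next to.
    $city=getActiveUser("city");
    $city=isset($CITIES[$city])?$prep->html($CITIES[$city]):'';
    # The hidden "total" field is kept so the form's shape is unchanged, but it
    # is informational only: the submit handler below ignores it and stores
    # the total computed on the server.
    echo '<input type="hidden" name="total" value="'.$global_total.'" />';
    echo '<tr><td colspan="5" align="right">'.$_LANG['makeorder']['gtotal'].'</td><td align="right">'.$global_total.' YTL</td></tr>';
    echo '<tr><td align="right">'.$_LANG['general']['name'].': </td><td colspan="5">'.$name.' </td></tr>';
    echo '<tr><td align="right">'.$_LANG['general']['phone'].': </td><td colspan="5">'.$phone.' </td></tr>';
    echo '<tr><td align="right" valign="top">'.$_LANG['general']['address'].': </td><td colspan="5"><textarea rows="5" cols="41" name="address" id="address">'.$address.' '.$city.'</textarea></td></tr>';
    echo '<tr><td align="right">'.$_LANG['makeorder']['onote'].': </td><td colspan="5"><input type="text" size="55" name="user_note" id="user_note" /></td></tr>';
    # The opening <tr> was missing on this row.
    echo '<tr><td colspan="6" align="center"><input type="button" value=" '.$_LANG['makeorder']['order'].' " id="makeorder" />&nbsp;&nbsp;&nbsp;&nbsp;</td></tr>';
    echo '</table></form><br />'.goBack();
  }
  else echo $_LANG['makeorder']['error2'];
}
else {
  # Form submitted: store the order.
  # NOTE(review): no anti-CSRF token is checked in this file; confirm whether
  # the including page validates one before this code runs.
  # Everything in $_POST is client-controlled. Only plain strings are accepted
  # (an array value would make trim() fail), and a missing field becomes ''.
  $address=(isset($_POST['address'])&&is_string($_POST['address']))?trim($_POST['address']):'';
  $user_note=(isset($_POST['user_note'])&&is_string($_POST['user_note']))?trim($_POST['user_note']):'';

  if (empty($address)) echo 'Adres bölümünü boş bırakmayınız!<br />'.goBack();
  # The posted "total" is deliberately not read: accepting it would let the
  # client choose the amount recorded for the order. The check uses the total
  # priced from the basket rows above, which also rejects an empty basket
  # (for example a repeated submit after the rows were already ordered).
  elseif (count($basket_rows)<1||$global_total<1) echo 'Geçersiz işlem!<br />'.goBack();
  else {
    # The order references exactly the basket rows that were priced above, so
    # basket_ids and total always describe the same set of items.
    $ids=array();
    $id_list=array();
    foreach ($basket_rows as $row) {
      $ids[]=$row['bid'];
      $id_list[]="'".$mysql->escape($row['bid'])."'";
    }

    $ids=implode('|',$ids);
    $id_list=implode(',',$id_list);
    $date=time()+(60*$TIME_CORRECTION);
    $address=$mysql->escape($address);
    $user_note=$mysql->escape($user_note);
    $ids=$mysql->escape($ids);
    # number_format() with an explicit '.' gives a locale-independent decimal
    # string for the SQL literal.
    $total=number_format($global_total,2,'.','');

    # NOTE(review): the select, insert and update are not wrapped in a
    # transaction, so two simultaneous submits can still both pass the checks.
    //id, basket_ids, buy, buy_date, send, send_date, address, order_note, admin_note, user_id, total
    $q=$mysql->query("insert into $ORDERS_TABLE values('','$ids','1','$date','0','0','$address','$user_note','','$user_id','$total')");
    if (!$q) echo $_LANG['makeorder']['error3'].' '.$_LANG['errors']['error3'];
    else {
      // id, user_id, item_id, price_id, exchange_id, piece, date, ordered
      # Mark only the rows that went into this order. Updating every row of the
      # user would also flag items added to the basket after the rows were read.
      $q=$mysql->query("update $BASKET_TABLE set ordered='1' where user_id='$user_id' and ordered='0' and id in ($id_list)");
      if (!$q) echo 'HATA!!<br />';

      echo $_LANG['makeorder']['ok'];
    }
  }
}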
?>
      </p>
    </div>
<!--//div:icerik -->